ABB CoreSense HM and CoreSense M10
Summary
ABB CoreSense HM and CoreSense M10 products are affected by a path traversal vulnerability (CVE-2025-3465) that allows unauthenticated users to access restricted directories. Exploitation can lead to complete system compromise and sensitive data exposure. ABB has released updates to address this issue.
IFF Assessment
The discovery of a path traversal vulnerability that can lead to complete system compromise and data exposure is bad news for defenders, as it exposes critical infrastructure to potential attacks.
Severity
The CVSS score of 7.1 corresponds to a High severity rating. The path traversal vulnerability is exploitable by unauthenticated users and can lead to complete system compromise and sensitive data exposure, which indicates a significant impact.
Defender Context
Defenders need to prioritize patching or updating ABB CoreSense HM and CoreSense M10 systems to the latest versions to mitigate the risk of path traversal attacks. Organizations operating in critical infrastructure sectors like Food and Agriculture, Commercial Facilities, and Critical Manufacturing, where these products are deployed worldwide, should be particularly vigilant.